b81e51821176d2afbbb5248dd096ac22e9dd18ba0f6055679d43f6acbc561513

Sharing

Copy URL

Twitter E-mail

General

Target

b81e51821176d2afbbb5248dd096ac22e9dd18ba0f6055679d43f6acbc561513
Size

2.9MB
MD5

285be63a4f0737ed4119d01bf525cef2
SHA1

03c6665b135b103a1137257f8d126faa385b7ba9
SHA256

b81e51821176d2afbbb5248dd096ac22e9dd18ba0f6055679d43f6acbc561513
SHA512

5ee64e953d5aa357e060f2aecbff45e6f8bb52c2bdd462730c189dc6eb1366f2b7107382bb3a06a33da84079b91b869a568c55743daaf7af77435e1a1bfc4a62
SSDEEP

49152:+eSysjDubuOYfFWKEtue8Zn9FkeR2NIPnLg96U7HRnMMHxBt8ar/d8:hZsPubujFZu8O2PLg9fBHHPeah

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b81e51821176d2afbbb5248dd096ac22e9dd18ba0f6055679d43f6acbc561513

Files

b81e51821176d2afbbb5248dd096ac22e9dd18ba0f6055679d43f6acbc561513
.dll windows:5 windows x86 arch:x86

49e0ec18059890cea8de299591e031fb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetLastError
SizeofResource
FreeResource
LoadResource
FindResourceW
SetErrorMode
GetStdHandle
FreeLibrary
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
EnterCriticalSection
GetFullPathNameW
InterlockedCompareExchange
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
HeapSize
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
FlushViewOfFile
LoadLibraryA
WaitForSingleObjectEx
GetVersionExA
HeapReAlloc
GetSystemInfo
HeapCompact
HeapDestroy
UnlockFile
CreateFileMappingA
GetComputerNameA
GetCurrentProcessId
GetSystemTimeAsFileTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
GetModuleHandleA
GetVersion
GetFileType
GlobalMemoryStatus
FlushConsoleInputBuffer
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetTimeZoneInformation
WriteConsoleW
SetStdHandle
EnumSystemLocalesW
OutputDebugStringW
CreateProcessA
GetStartupInfoA
CreateFileA
CreatePipe
DeleteFileA
DeviceIoControl
WritePrivateProfileStringW
DeleteCriticalSection
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
LockResource
FindClose
GetFileSize
VirtualFree
ReadFile
GetExitCodeProcess
GetSystemTime
WideCharToMultiByte
CreateProcessW
SystemTimeToFileTime
MoveFileExW
LoadLibraryW
GetNativeSystemInfo
CloseHandle
MultiByteToWideChar
SetFileAttributesW
GetVersionExW
GetFileAttributesW
CreateFileW
WaitForSingleObject
VirtualAlloc
WriteFile
lstrlenW
CreateDirectoryW
DeleteFileW
Sleep
GetComputerNameW
GetSystemDirectoryA
GetLastError
GetVolumeInformationA
GetModuleHandleW
GetUserDefaultLCID
IsValidLocale
GetACP
GetModuleFileNameA
SetConsoleMode
ReadConsoleInputA
SetConsoleCtrlHandler
FreeLibraryAndExitThread
ExitThread
CreateThread
GetModuleHandleExW
ExitProcess
SetFilePointerEx
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetProcessHeap
LocalFree
GetProcAddress
GetLocalTime
HeapAlloc
GetCurrentProcess
HeapFree
LockFileEx
SetEvent
ResetEvent
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
SetFileTime
LoadLibraryExW
InterlockedFlushSList
RtlUnwind

user32

MessageBoxA
GetProcessWindowStation
wsprintfA
wsprintfW
DispatchMessageW
PeekMessageW
GetUserObjectInformationW
TranslateMessage

advapi32

ConvertSidToStringSidA
RegQueryValueExW
ConvertSidToStringSidW
RegOpenKeyExW
OpenProcessToken
RegSetValueExW
RegCloseKey
LookupAccountNameW
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegCreateKeyW
GetSidSubAuthorityCount
GetSidSubAuthority
GetUserNameW
GetSidIdentifierAuthority
RegCreateKeyExW
GetTokenInformation
LookupAccountNameA
RegEnumKeyExW
CryptAcquireContextW
CryptCreateHash
CryptHashData
IsValidSid
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
ControlService
OpenServiceW

shell32

SHGetSpecialFolderPathW

ole32

CoInitialize

shlwapi

PathFileExistsW

netapi32

Netbios

Exports

Exports

OPENSSL_Applink
rtool

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 263KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 612B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

49e0ec18059890cea8de299591e031fb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

netapi32

Exports

Exports

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 263KB - Virtual size: 263KB

.data Size: 16KB - Virtual size: 37KB

.gfids Size: 1024B - Virtual size: 612B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1.3MB - Virtual size: 1.3MB

.reloc Size: 48KB - Virtual size: 47KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 263KB - Virtual size: 263KB

.data
Size: 16KB - Virtual size: 37KB

.gfids
Size: 1024B - Virtual size: 612B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 48KB - Virtual size: 47KB